DepthFirst Disclosures DepthFirstDisclosures

## poc-xorm-cache-poisoning.go
package main

/*

Author: Mav Levin @ DepthFirst.com

This is a proof-of-concept (PoC) for exploiting the
cache poisoning vulnerability in the xorm golang library.

If an attacker can a influence a session's SQL query string,

## poc-netty-smtp-injection.java
package com.depthfirst.poc;

import io.netty.handler.codec.smtp.SmtpRequest;
import io.netty.handler.codec.smtp.SmtpRequestEncoder;
import io.netty.handler.codec.smtp.SmtpRequests;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.buffer.ByteBuf;
import io.netty.util.CharsetUtil;
import io.netty.bootstrap.Bootstrap;
import io.netty.channel.*;
	package main

	/*

	Author: Mav Levin @ DepthFirst.com

	This is a proof-of-concept (PoC) for exploiting the
	cache poisoning vulnerability in the xorm golang library.

	If an attacker can a influence a session's SQL query string,
	package com.depthfirst.poc;

	import io.netty.handler.codec.smtp.SmtpRequest;
	import io.netty.handler.codec.smtp.SmtpRequestEncoder;
	import io.netty.handler.codec.smtp.SmtpRequests;
	import io.netty.channel.embedded.EmbeddedChannel;
	import io.netty.buffer.ByteBuf;
	import io.netty.util.CharsetUtil;
	import io.netty.bootstrap.Bootstrap;
	import io.netty.channel.*;