Below, by error it means some error appears or shows some different behaviour
\ // some error or a different behaviour
\\ // no error
' // error
'' // no error, it is a single quote written twice
''' // error
'''' // no error
Xib3rR4dAr
Xib3rR4dAr
/ prepared_statement.php
Created
June 17, 2020 17:15
[PHP Help] PHP HELP!! please tell me how to pass variable to the placeholder "?" to the question mark symbol, //SQL CODE $sql = "SELECT * FROM customer WHERE idusers=?;"; as you can see I have userd placeholder right after idusers=, so there I want to pass the variable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| https://www.facebook.com/groups/2204685680/permalink/10159527798470681/ | |
| --> | |
| <form action="" method="POST"> | |
| <input type="text" name="owner" required="true"><br> | |
| <input type="submit"> | |
| </form> | |
| <?php |
Xib3rR4dAr
/ colorful_sqli.sql
Created
July 4, 2020 18:27
Print name, database, version, user, hostname, port in colors (answer to a question)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| concat (0x3C7374796C653E0D0A2376616C73207B0D0A2020666F6E742D66616D696C793A2022547265627563686574204D53222C20417269616C2C2048656C7665746963612C2073616E732D73657269663B0D0A2020626F726465722D636F6C6C617073653A20636F6C6C617073653B0D0A202077696474683A20313030253B0D0A7D0D0A0D0A2376616C732074642C202376616C73207468207B0D0A2020626F726465723A2032707820736F6C696420234637393430463B0D0A202070616464696E673A203870783B0D0A20636F6C6F723A7472616E73706172656E743B0D0A206261636B67726F756E643A0D0A2020726570656174696E672D6C696E6561722D6772616469656E7428746F2072696768742C0D0A2020202072656420202020302020203163682C0D0A20202020626C7565202020316368203263682C0D0A20202020677265656E2020326368203363682C0D0A20202020707572706C652033636820346368293B0D0A202D7765626B69742D6261636B67726F756E642D636C69703A746578743B0D0A206261636B67726F756E642D636C69703A746578743B0D0A7D0D0A0D0A2376616C732074723A6E74682D6368696C64286576656E297B6261636B67726F756E642D636F6C6F723A20236632663266323B7D0D0A0D0A2376616C732074723A686F766572207B6261636B67726F756E642D636F6C6F |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://www.facebook.com/groups/2204685680/permalink/10159646528425681/ | |
| # https://pastebin.com/KKZGafGr | |
| curl -i -s -k -X $'POST' \ | |
| -H $'Host: example.com' -H $'Connection: close' -H $'Accept: text/html, */*; q=0.01' -H $'Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6,de;q=0.5' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'X-Requested-With: XMLHttpRequest' -H $'Referer: https://example.com/author/scauto/' -H $'Referrer-Policy: no-referrer-when-downgrade' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36' -H $'Content-Length: 187' \ | |
| --data-binary $'offset=0&category=0&author=255&tag=&date=0&searchQ=&searchA=0&limit=99999&idnotin=618814%2C618824%2C618825%2C618913%2C618917%2C618920%2C618921%2C618924%2C618997%2C618998%2C618999%2C619001' \ | |
| $'https://example.com/wp-content/themes/gridlocked/ |
Xib3rR4dAr
/ pma_version.sh
Last active
August 19, 2020 07:29
Get phpMyAdmin version from command line.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -siLk https://127.0.0.1:8443/phpmyadmin | grep -o -P '(?<=PMA_VERSION:").*(?=",auth_type)' | |
| curl -siLk https://127.0.0.1:8443/phpmyadmin/doc/html/index.html | grep -o -P '(?<=phpMyAdmin ).*(?= Documentation)' | |
| curl -siLk https://127.0.0.1:8443/phpmyadmin/docs/html/index.html | grep -o -P '(?<=phpMyAdmin ).*(?= Documentation)' | |
| curl -siLk https://127.0.0.1:8443/phpmyadmin/Documentation.html | grep -o -P '(?<=phpMyAdmin ).*(?= - Documentation)' |
Xib3rR4dAr
/ sqli_detection.md
Created
February 7, 2021 16:25
SQL Injection Detection by fuzzing and observing responses
Xib3rR4dAr
/ xss.php
Created
January 27, 2022 10:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // For testing XSS is various status codes | |
| http_response_code($_GET['rCode']); // User controlled response code | |
| echo $_GET['payload']; // User input reflected as it is | |
| ?> |
Xib3rR4dAr
/ WP_plugin_Embed-Swagger_XSS_PoC.md
Last active
February 23, 2022 09:34
| Exploit Title | WordPress Plugin Embed Swagger 1.0.0 - Reflected Cross-Site Scripting |
| Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
| Date | January 21, 2022 |
| Plugin Link | Embed Swagger |
| Version | 1.0.0 (Latest) |
| Tested on | Wordpress 5.8.3 |
Xib3rR4dAr
/ WP_plugin_wp-statistics_Unauthenticated-Stored-XSS_PoC.md
Last active
March 7, 2022 14:16
WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting in `ip`
| Exploit Title | WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting |
| Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
| Date | February 13, 2022 |
| Plugin Link | WP-Statistics |
| Plugin Active Installations | 600,000+ |
| Version | 13.1.5 (Latest) |
Xib3rR4dAr
/ WP_plugin_wp-statistics_Unauthenticated-Stored-XSS_PoC.md
Last active
March 7, 2022 14:17
WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting in platform
| Exploit Title | WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting |
| Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
| Date | February 13, 2022 |
| Plugin Link | WP-Statistics |
| Plugin Active Installations | 600,000+ |
| Version | 13.1.5 (Latest) |
Xib3rR4dAr
/ WP_plugin_wp-statistics_Unauthenticated-Stored-XSS_PoC.md
Last active
March 7, 2022 14:17
WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting in browser
| Exploit Title | WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting |
| Exploit Author | Muhammad Zeeshan (Xib3rR4dAr) |
| Date | February 13, 2022 |
| Plugin Link | WP-Statistics |
| Plugin Active Installations | 600,000+ |
| Version | 13.1.5 (Latest) |
OlderNewer