Karthik Panjaje cyberinferno

## osx_bootstrap_uninstall.sh
#!/bin/bash
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -euo pipefail
IFS=$'\n\t'

###################################
# BREW uninstall script for osx_bootstrap.sh script
###################################

SUDO_USER=$(whoami)

## osx_bootstrap.sh
#!/bin/bash
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -euo pipefail
IFS=$'\n\t'

# inspired by
# https://gist.github.com/codeinthehole/26b37efa67041e1307db
# https://github.com/why-jay/osx-init/blob/master/install.sh
# https://github.com/timsutton/osx-vm-templates/blob/master/scripts/xcode-cli-tools.sh

## connect.php
<?php

$dsn = 'mysql:host=localhost;port=3307;dbname=testdb';
$username = 'username';
$password = 'password';
$options = array();
$db = new PDO($dsn, $username, $password, $options);

$name = $_GET['name'];

## gist:20b4a89d7e6d06541348a64837a18551
events {
  worker_connections  1024;
}

http {
  default_type       text/html;
  access_log         /dev/stdout;
  sendfile           on;
  keepalive_timeout  65;

## SplClassLoader.php
<?php

/*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

## hb-test.py
#!/usr/bin/env python2

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select

## php_mongodb_simple_pagination.php
<?php
$mongodb    = new Mongo("mongodb://username:password@localhost/database_name");
$database   = $mongodb->database_name;
$collection = $database->collection;

$page  = isset($_GET['page']) ? (int) $_GET['page'] : 1;
$limit = 12;
$skip  = ($page - 1) * $limit;
$next  = ($page + 1);
$prev  = ($page - 1);

## gist:7785290
vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day

#Category: web application
#Type: SQL Injection
#Requirements: Firefox/Live HTTP Headers/
#Dork: Powered by vBulletin™ Version 5.0.0 Beta   (or) Use ur Brain you'll get more o_O


Step 1
Create an Account on vBulletin forum Verify the account and Activate it

## README.md

      
              3 files
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                cyberinferno
                / README.md
            
            
              Created
              December 4, 2013 10:16
                — forked from nikcub/README.md
            
          
    In August 2007 a hacker found a way to expose the PHP source code on facebook.com. He retrieved two files and then emailed them to me, and I wrote about the issue:
http://techcrunch.com/2007/08/11/facebook-source-code-leaked/
It became a big deal:
http://www.techmeme.com/070812/p1#a070812p1
The two files are index.php (the homepage) and search.php (the search page)

  
## gist:7785285
#!/usr/bin/perl


use Mysql;
use strict;
use vars qw($school_name);
use vars qw($pass);

require "./cgi-lib.pl";
	#!/bin/bash
	# http://redsymbol.net/articles/unofficial-bash-strict-mode/
	set -euo pipefail
	IFS=$'\n\t'

	###################################
	# BREW uninstall script for osx_bootstrap.sh script
	###################################

	SUDO_USER=$(whoami)
	<?php

	$dsn = 'mysql:host=localhost;port=3307;dbname=testdb';
	$username = 'username';
	$password = 'password';
	$options = array();
	$db = new PDO($dsn, $username, $password, $options);

	$name = $_GET['name'];
	events {
	worker_connections 1024;
	}

	http {
	default_type text/html;
	access_log /dev/stdout;
	sendfile on;
	keepalive_timeout 65;
	<?php

	/*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	#!/usr/bin/env python2

	# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
	# The author disclaims copyright to this source code.

	import sys
	import struct
	import socket
	import time
	import select
	<?php
	$mongodb = new Mongo("mongodb://username:password@localhost/database_name");
	$database = $mongodb->database_name;
	$collection = $database->collection;

	$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
	$limit = 12;
	$skip = ($page - 1) * $limit;
	$next = ($page + 1);
	$prev = ($page - 1);
	vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day

	#Category: web application
	#Type: SQL Injection
	#Requirements: Firefox/Live HTTP Headers/
	#Dork: Powered by vBulletin™ Version 5.0.0 Beta (or) Use ur Brain you'll get more o_O


	Step 1
	Create an Account on vBulletin forum Verify the account and Activate it
	#!/usr/bin/perl



	use Mysql;
	use strict;
	use vars qw($school_name);
	use vars qw($pass);

	require "./cgi-lib.pl";